Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

GDPR and Boards.ie post removal policy **update linked in OP 24/5/18**

  • 11-05-2018 11:19am
    #1
    Closed Accounts Posts: 39,022 ✭✭✭✭


    Please see this post for the Boards.ie updated GDPR effective from December 2018 ~Niamh

    This post has been deleted.

    Re-instated update 29/07/18
    Given that GDPR comes into effect on 25 May we wanted to give you a quick update on how this will impact Boards and our community and what changes we are making to the site and our procedures and processes in order to be compliant with the new regulations.

    Policies

    We are currently updating our Terms of Use, Privacy Notice and Cookies Policy in light of GDPR. There are some final clarifications that we are awaiting feedback on from our lawyers but we expect the updated policies to be live on the site on 25 May.

    Personal Data

    Boards processes personal data of its registered users. This applies to anyone who has a Boards account (that has not subsequently been closed). Boards does not process personal data for people who visit the site and have not registered for a Boards account.

    Data Access Requests

    Under GDPR users have the right to request access to any of their personal data that is held by Boards. In order for Boards to process a data access request from a registered user of the site we need to verify the identity of the person making the request. Therefore, the process for requesting your personal data is as follows:
    • For identity verification purposes the data access request must be sent via a Private Message (PM) to the following recipient Boards.ie: GDPR (if for any reason you are unable to access or send a PM please email datarequests@boards.ie and we will get back to you with further instructions).
    • Data access requests will only be processed for the user account from which the PM was sent. We will not process data access requests for personal data related to 3rd party accounts
    • Once processed, an encrypted zip file containing the personal data will be sent to the email address associated with the user account
    • The password required to decrypt the zip file will separately be PM’d to the user making the data access request
    • If for any reason you cannot log onto to your Boards account you should follow the standard password reset procedures

    We will begin processing data access requests from 25 May onwards and will respond with 30 days.

    Account Closure / Erasure of Personal Data

    Users have the option to close their Boards account. This option is available in User Control Panel / User Settings. If this option is selected all personal data will be permanently deleted. Your Boards username will be retained but this will not be associated with any other information relating to an identified or identifiable natural person and therefore will no longer be considered personal data.

    In specific instances where a person could reasonably or easily be identified from their Boards username we will consider requests to change the username; these will be dealt with on a case-by-case basis.

    Should you wish that all your personal data be erased from Boards systems you should choose to close your Boards account.

    Inactive Accounts

    Under the GDPR principle of not retaining personal data longer than is required we intend to email all inactive users (users who have not logged onto Boards for 6 years or more) to see if they still want to remain a member of Boards. Inactive users will have 30 days to log onto the site. If they do so within the 30 days we will remove them from the inactive user list. If they do not we will assume that they no longer wish to retain their Boards account and we will begin the process of closing their accounts.

    User Posts

    For users with an active Boards account, posts made by a user can be associated with other information held by Boards that relates to an identified or identifiable natural person (for example a post can be associated with a user’s email address and/or real name). Therefore, posts made by a user with an active Boards account are considered personal data and GDPR regulations apply to these posts, including the right of erasure. As such, from 25 May we will begin to process requests for erasure of posts from users with an active Boards account. These requests must be sent via a Private Message (PM) to the following recipient Boards.ie: GDPR (if for any reason you are unable to access or send a PM please email datarequests@boards.ie and we will get back to you with further instructions).

    For closed accounts all personal data (other than users’ posts) will be deleted. Therefore, posts made by users whose accounts were subsequently closed cannot be associated with other information held by Boards that relates to an identified or identifiable natural person and as such are not considered personal data and GDPR does not apply to this data.

    In specific instances where the content of a post contains sensitive data or data that could be used to identify an individual we will consider requests to edit or delete the post; these will be dealt with on a case-by-case basis.
    Post edited by Shield on


«13456722

Comments

  • Administrators, Social & Fun Moderators, Sports Moderators Posts: 78,393 Admin ✭✭✭✭✭Beasty


    It applies to personal data. We've taken down personal info on request and will, I am sure, continue to do so

    Most users take advantage of the anonymity that boards affords them, and there are few instances of personal data being posted.

    To be clear though, these are my personal observations, and I'm sure someone from the office will be along to clarify if I have got anything wrong


  • Closed Accounts Posts: 9,057 ✭✭✭.......


    This post has been deleted.


  • Registered Users, Registered Users 2 Posts: 33,518 ✭✭✭✭dudara


    I'll defer to HQ for a formal answer to this. I'll make sure they see this question


  • Closed Accounts Posts: 9,057 ✭✭✭.......


    This post has been deleted.


  • Administrators, Social & Fun Moderators, Sports Moderators Posts: 78,393 Admin ✭✭✭✭✭Beasty


    ....... wrote: »
    This post has been deleted.
    I thought the "close account" option dealt with that


  • Advertisement
  • Closed Accounts Posts: 39,022 ✭✭✭✭Permabear


    This post has been deleted.


  • Closed Accounts Posts: 9,057 ✭✭✭.......


    This post has been deleted.


  • Closed Accounts Posts: 39,022 ✭✭✭✭Permabear


    This post has been deleted.


  • Closed Accounts Posts: 7,070 ✭✭✭Franz Von Peppercorn


    Beasty wrote: »
    I thought the "close account" option dealt with that

    Definitely not. I’ve just complained about a ban from a forum because I had never been infracted before in this account to be told that it was because of other accounts. Going back years. Since I’ve moved house and changed isp in that time I wonder what the tracking is. Closing doesn’t delete much.

    What’s the mechanism for getting data deleted? I don’t care about posts but other data that may be stored.


  • Registered Users, Registered Users 2 Posts: 33,518 ✭✭✭✭dudara


    A small update - HQ are actively working on GDPR matters at the moment and will post an update once some open questions have been addressed.


  • Advertisement
  • Closed Accounts Posts: 7,070 ✭✭✭Franz Von Peppercorn


    Permabear wrote: »
    This post had been deleted.


    If there’s no links between Permabear and your real name or any email address, or anything else thats identifying, i would think it should be ok. FB is a real name platform. Google has to remove searches on real names but I doubt that a search for Permabear could be removed unless a breach tying your real name to PB was already in the wild. Will take some court cases to sort out the grey areas maybe.


  • Administrators, Social & Fun Moderators, Sports Moderators Posts: 78,393 Admin ✭✭✭✭✭Beasty


    Will take some court cases to sort out the grey areas maybe.
    Agree on this, but it does make things difficult as we adopt a better safe than sorry approach (an approach that anyone underwriting the site's exposure to legal claims will presumably require adhering to)


  • Closed Accounts Posts: 9,057 ✭✭✭.......


    This post has been deleted.


  • Closed Accounts Posts: 7,070 ✭✭✭Franz Von Peppercorn


    ^

    Agreed in general. Which is why I am questioning my previous accounts being brought up in an infraction. That should go.

    But if permabear after closing was not linked to any email address, ip, previous accounts if any, then the pseudonym itself isn’t a breach of privacy. I would think.


  • Closed Accounts Posts: 39,022 ✭✭✭✭Permabear


    This post has been deleted.


  • Closed Accounts Posts: 9,057 ✭✭✭.......


    This post has been deleted.


  • Boards.ie Employee Posts: 5,461 ✭✭✭✭✭Boards.ie: Mark
    Boards.ie Employee


    We'll have an official comment to share very soon.


  • Closed Accounts Posts: 39,022 ✭✭✭✭Permabear


    This post has been deleted.


  • Registered Users, Registered Users 2 Posts: 1,926 ✭✭✭Reati


    We'll have an official comment to share very soon.

    Jaysus last minute job. Its enacted it like 2 weeks or something. Have ye been not been playing attention to the tech news lol


  • Registered Users, Registered Users 2 Posts: 33,518 ✭✭✭✭dudara


    The standard period is a month. The organisation can extend by a further two months if they will require the time to respond to the Subject Access Request (i.e. a complex or lengthy request). If they require the additional time, they should keep you informed.


  • Advertisement
  • Registered Users, Subscribers, Registered Users 2 Posts: 13,631 ✭✭✭✭antodeco


    An interesting thing to remember is that if your username is "linkable" to personal data, it is to be treated the same. Ie: if you use the same username on social media platforms, and in turn, those platforms identify you personally, your username is then to be treated as same.

    However, common sense should be used in this example, as boards are not responsible for how you link your social media accounts to your boards usernames so cannot be held responsible for where you use that username elsewhere. It should still be considered to be personal data.


  • Registered Users, Registered Users 2 Posts: 4,165 ✭✭✭Captain Obvious


    Well the first exemption from the rule is that
    the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed

    So if you are a banned poster they could probably argue they need to keep certain data to properly manage the site. Same goes with post history. It would be like removing random pages from a book in some cases if they just removed full post histories. I'd imagine they could find a middle ground. Maybe change the username and redact personal info in specified posts.


  • Closed Accounts Posts: 22,648 ✭✭✭✭beauf


    Consider they don't let people post in old threads and most of the old threads are badly dated.
    And you can't search properly anyway.

    Those decisions have basically decimated any value in old threads and posts.

    There is really no need to keep anything older than about 12 months at this point. I'd say even 6 months.


  • Administrators, Social & Fun Moderators, Sports Moderators Posts: 78,393 Admin ✭✭✭✭✭Beasty


    beauf wrote: »
    Consider they don't let people post in old threads and most of the old threads are badly dated.
    And you can't search properly anyway.

    Those decisions have basically decimated any value in old threads and posts.

    There is really no need to keep anything older than about 12 months at this point. I'd say even 6 months.
    That is entirely dependent on forum, thread and indeed who is looking. I started my cycling logs back in 2010, and I will still have a look back on occasion. Someone wanting to have a look back at the various referendums (and indeed elections) that have taken place during the lifetime of Boards can get a flavour of what was happening at the time and how those campaigns evolved. I appreciate it's not everyone's cup of tea but some people do get some value over being able to look back at what was posted in the past

    Anyway, we await the official line, but I'm struggling to see what there would be in terms of personal information posted by users over the years, and indeed whether they have any desire to see it removed (which can be requested already)


  • Closed Accounts Posts: 22,648 ✭✭✭✭beauf


    It's a very unreliable means of storing anything you might want to reference in the future.

    But I take your point.


  • Administrators, Society & Culture Moderators Posts: 14,914 Admin ✭✭✭✭✭Big Bag of Chips


    With the habit people have of quoting entire posts, often times very lengthy ones, I can see problems where if it happens that a poster can ask for their entire posting history to be deleted, an awful lot will still be left in quotes.

    Would boards be expected to then edit every post that mentions/quotes a deleted poster?


  • Closed Accounts Posts: 4,360 ✭✭✭Lorelli!


    Permabear wrote: »
    This post had been deleted.

    I saw it suggested somewhere before that once an account is closed, the username could be changed to a generic name within threads.

    To remove the actual account profile containing an accumulation of the person's posts but leave the posts there so it does not spoil older threads but the persons posts could not be connected to each other and are not still grouped together as part of a profile. Not sure how difficult that would be or if it could be done? Also giving people the option to delete certain posts that they feel had compromised their identity.

    The anonymity of Boards is one major advantage it has over most other social media sites so working towards keeping and improving that is a positive imo.


  • Closed Accounts Posts: 22,648 ✭✭✭✭beauf


    Could rename the user a different name differently in different threads. Then the thread keeps cohesion and their threads cant be linked.


  • Closed Accounts Posts: 7,070 ✭✭✭Franz Von Peppercorn


    A changed random name that’s unique for a user is the same as a pseudonym.

    Unless it’s one name (deleted user). Or as beauf says renamed per thread.

    The main thing for me is that a closed account should remove identifying links like email, ip etc.


  • Advertisement
  • Closed Accounts Posts: 7,070 ✭✭✭Franz Von Peppercorn


    The big technical problem is that quoted posts contain the name and I believe that’s pretty much hard coded.


  • Closed Accounts Posts: 22,648 ✭✭✭✭beauf


    The big technical problem is that quoted posts contain the name and I believe that’s pretty much hard coded.

    Must be able to write a script that changes a username if found in the comments in the same thread in which that username has posted.

    Tbh this was always a problem and boards took the line of keeping old posts while making it obsolete by locking old threads.


  • Closed Accounts Posts: 39,022 ✭✭✭✭Permabear


    This post has been deleted.


  • Administrators, Entertainment Moderators, Social & Fun Moderators, Society & Culture Moderators Posts: 18,774 Admin ✭✭✭✭✭hullaballoo


    As a lawyer who's also happily an expert on data protection, I don't see the issues as starkly as above or some of the other posts on this thread thus far.

    I've not been asked for my views and I await the official response as much as anyone else but I don't think the GDPR goes where many people seem to incorrectly, in my view, think it does.


  • Closed Accounts Posts: 39,022 ✭✭✭✭Permabear


    This post has been deleted.


  • Administrators, Entertainment Moderators, Social & Fun Moderators, Society & Culture Moderators Posts: 18,774 Admin ✭✭✭✭✭hullaballoo


    They should have drafted the law in that way, if that's what they were aiming for.

    As it is, it's a swing and a miss. (In my view.)


  • Advertisement
  • Closed Accounts Posts: 22,648 ✭✭✭✭beauf


    As a lawyer who's also happily an expert on data protection, I don't see the issues as starkly as above or some of the other posts on this thread thus far.

    I've not been asked for my views and I await the official response as much as anyone else but I don't think the GDPR goes where many people seem to incorrectly, in my view, think it does.

    I think people under-estimate how much you can build from disparate bits of information seemingly un-connected. People who are used to mining such information are perhaps more aware of it.


  • Registered Users, Registered Users 2 Posts: 22,584 ✭✭✭✭Steve


    1984 is upon us... just a bit late.

    What happened to common sense?

    If you post stuff on the internet, you may as well spray paint it on the wall outside your house. Anyone that hasn't copped on to that in this day and age needs to be unplugged from the rest of the world.


  • Closed Accounts Posts: 22,648 ✭✭✭✭beauf


    I think its a little more nuanced than that. Companies (people) cant say they will use your data for one thing, then use it for another thing, or indeed keep it after its no longer needed for its original purpose.


  • Registered Users, Registered Users 2 Posts: 7,350 ✭✭✭Jeff2


    Steve wrote: »
    1984 is upon us... just a bit late.

    What happened to common sense?

    If you post stuff on the internet, you may as well spray paint it on the wall outside your house. Anyone that hasn't copped on to that in this day and age needs to be unplugged from the rest of the world.
    Do you know any forum can hide a thread rather than lock it.
    Or just delete it.


  • Closed Accounts Posts: 39,022 ✭✭✭✭Permabear


    This post has been deleted.


  • Advertisement
  • Administrators, Entertainment Moderators, Social & Fun Moderators, Society & Culture Moderators Posts: 18,774 Admin ✭✭✭✭✭hullaballoo


    What I've been driving clumsily at is that there is more nuance to it than absolute rights to x, y and z. There are, as always, competing rights of individuals, be they private individuals or corporate.


  • Closed Accounts Posts: 7,070 ✭✭✭Franz Von Peppercorn


    What I've been driving clumsily at is that there is more nuance to it than absolute rights to x, y and z. There are, as always, competing rights of individuals, be they private individuals or corporate.

    That’s not saying very much. One thing is certain information shouldn’t be kept when an account is closed. The only reason boards would have to do that is to track old accounts. The only byudiness case they have got that is to ban re reg trolls. But that’s probably not enough.


  • Closed Accounts Posts: 39,022 ✭✭✭✭Permabear


    This post has been deleted.


  • Closed Accounts Posts: 9,057 ✭✭✭.......


    This post has been deleted.


  • Registered Users, Registered Users 2 Posts: 272 ✭✭BowSideChamp


    Are PM's on boards.ie still sent via html, not through secure ssl? GDPR requires personal information to be encrypted. Surely there is sensitive information vulnerable.


  • Moderators, Category Moderators, Arts Moderators, Business & Finance Moderators, Entertainment Moderators, Society & Culture Moderators Posts: 18,375 CMod ✭✭✭✭Nody


    ....... wrote: »
    This post has been deleted.
    You are aware that the existing functions to be forgotten were set up with the approval of the Irish Data Protection Inspection, right? Hence they met all the requirements as they don't keep the personal data of a closed account; they get a hashtag number of the data which can only be used to check against another hashtag number to see if they match or not. Hence the e-mail address, name etc. are unknown when the closing of the account has happened and they can not go in and check if closed account Y has e-mail joe.blogs@gmail.com or joes.blogs@gmail.com any more.


  • Closed Accounts Posts: 9,057 ✭✭✭.......


    This post has been deleted.


  • Closed Accounts Posts: 39,022 ✭✭✭✭Permabear


    This post has been deleted.


  • Closed Accounts Posts: 22,648 ✭✭✭✭beauf


    "identifiable" is a game changer.

    Considering all the companies and technologies that string lots of snippets together to get meaningful data on people.


  • Boards.ie Employee Posts: 12,597 ✭✭✭✭✭Boards.ie: Niamh
    Boards.ie Community Manager


    We will always remove, if requested to, any identifying information that someone has posted either purposely or inadvertently - their real name, phone number, email address, Eircode, address, employers, etc. Often posts of this nature are reported by other eagle-eyed users, however occasionally someone will contact us about a post they made in their distant past with their mobile number or something similar and ask us to remove it. It is never an issue to edit or remove these posts and this has always been the case.

    It's interesting to hear the different interpretations of the legislation and it'll also be interesting to see how it will shape things for the future for the internet/companies in general, not just us.

    As Mark and dudara posted on Friday, we will have an announcement about this soon after we have received all legal advice.


  • Advertisement
This discussion has been closed.
Advertisement